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IN THE CLAIMS 

This listing of claims will replace all prior versions of claims in the Application. 



WHAT IS CLAIMED IS: 

1 1 . (previously presented) A data processing apparatus for a vehicle, including: 

2 a first data processing unit (A) connected to device control units of the 

3 vehicle; 

4 a second data processing vmit (B) connected to conmiunications apparatus 

5 providing a wireless connection to an external network, such that operation requests 

6 can be received at the second data processing unit (B) from the extemal network; 

7 a data communications link between the first and second data processing 

8 units; and 

9 a gateway component for controlling conmiunications across the data 

10 communications link, the gateway component limiting passing of the operation 

1 1 requests from the second data processing unit to the vehicle's device control units to 

12 only a predefined set of permitted operations. 

1 2. (previously presented) A data processing apparatus according to claim 1 , 

2 wherein the first data processing unit (A) is adapted to store in an unmodifiable form 

3 a list of said predefined set of permitted operations and includes a gateway 

4 component for comparing all operation requests received from the second data 

5 processing unit (B) with the list of permitted operations, and then to pass the 

6 permitted operation requests to respective ones of said device control units and to 

7 discard non-permitted operation requests. 

1 3. (previously presented) A data processing apparatus according to claim 2 
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2 wherein the first data processing unit (A) includes a static operating system 

3 environment and the gateway component of the first data processing unit (A) runs in 

4 the static operating system environment. 

1 4. (previously presented) A data processing apparatus according to claim 1, 

2 wherein the second data processing unit (B) is adapted to store one or more access 

3 control lists defining which operation requests are permitted for particular requestors, 

4 and wherein the second data processing unit (B) includes a gateway component for 

5 comparing all operation requests on the first data processing unit (A) with the access 

6 control lists and only passing to the first data processing unit (A) those operation 

7 requests which are permitted for the respective requestors and discarding non- 

8 permitted operation requests. 

1 5. (previously presented) A data processing apparatus according to claim 1, 

2 wherein: 

3 the first data processing unit (A) includes a Real Time Operating System; and 

4 the second data processing unit (B) includes means for performing 

5 authentication of requestors and a gateway component for comparing all operation 

6 requests sent to the first data processing unit (A) with access control lists and for 

7 passing to the first data processing ixnit (A) only those operation requests which are 

8 permitted for the respective requestors and discarding non-permitted operation 

9 requests. 

6. (cancelled) 

1 7. (currently amended) A data processing apparatus, including: 

2 a first data processing unit connected to one or more security-critical 

3 resources: 

4 a second data processing unit connected to an external commxmications 

5 network such that operation requests can be received fi*om the external network; 
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6 a data communications link between the first and second data processing 

7 units; and 

8 a gateway component for controlling communications across the link, the 

9 gateway component limiting the operations which can be performed at the first data 

10 processing unit in response to requests fi:'om the second processing unit to only a 

11 predefined set of permitted operation, A data processing apparatus according to claim 

12 6; wherein the first and second data processing units and the link between them are 

1 3 implemented within a network-connected home environment, and the security-critical 

14 resources include security-critical devices within the home which are managed by 

1 5 application programs running on the first data processing unit. 

1 8. (currently amended) A data processing apparatus according to claim 6 7, 

2 wherein the external network is the Intemet. 



1 9. (original) A secure gateway computer program for a network-connected 

2 vehicle, comprising: 

3 a first gateway component for running on a first data processing unit 

4 connected to one or more device control units of the vehicle; and 

5 a second gateway component for running on a second data processing unit 

6 connected to communications apparatus for providing a wireless connection to an 

7 external network; 

8 wherein the first and second components of the secure gateway computer 

9 program are adapted to jointly control communications across a link between the first 

10 and second data processing units so as to limit the operations which can be performed 

11 at the first data processing unit in response to requests fi-om the second processing 

12 unit to only a predefined set of permitted operations. 

1 10. (original) A method for controlling the initiation of operations relating to 

2 secure resources on a first data processing unit such that only a limited predefined set 

3 of operations can be initiated by requests firom a second data processing unit 
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4 connected to the first data processing unit by a communications link, the method 

5 comprising: 

6 storing a Ust of permitted operations which can be requested fi"om the second 

7 data processing unit; 

8 comparing, by a secure gateway component which controls communications 

9 across the communications link, requests to perform operations relating to secure 

10 resources on the first data processing unit with the list of permitted operations; and 

1 1 only executing the permitted operations. 

1 11. (original) A method according to claim 10, implemented within a vehicle 

2 which includes the first and second data processing units, wherein the secure 

3 resources include the vehicle*s internal device control units. 
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